United Kingdom

Secret Policy Allows GCHQ Bulk Access To NSA Data 57

Posted by samzenpus
from the have-some-data dept.
hazeii writes Through legal proceedings following the Snowden revelations, Liberty UK have succeeded in forcing GCHQ to reveal secret internal policies allowing Britain's intelligence services to receive unlimited bulk intelligence from the NSA and other foreign agencies and to keep this data on massive searchable databases, all without a warrant. Apparently, British intelligence agencies can "trawl through foreign intelligence material without meaningful restrictions", and can keep copies of both content and metadata for up to two years. There is also mention of data obtained "through US corporate partnerships". According to Liberty, this raises serious doubts about oversight of the UK Intelligence and Security Committee and their reassurances that in every case where GCHQ sought information from the US, a warrant for interception signed by a minister was in place.

Eric King, Deputy Director of Privacy International, said: "We now know that data from any call, internet search, or website you visited over the past two years could be stored in GCHQ's database and analyzed at will, all without a warrant to collect it in the first place. It is outrageous that the Government thinks mass surveillance, justified by secret 'arrangements' that allow for vast and unrestrained receipt and analysis of foreign intelligence material is lawful. This is completely unacceptable, and makes clear how little transparency and accountability exists within the British intelligence community."
Verizon

Verizon Launches Tech News Site That Bans Stories On US Spying 133

Posted by Soulskill
from the pay-no-attention-to-the-man-behind-the-mirror dept.
blottsie writes: The most-valuable, second-richest telecommunications company in the world is bankrolling a technology news site called SugarString.com. The publication, which is now hiring its first full-time editors and reporters, is meant to rival major tech websites like Wired and the Verge while bringing in a potentially giant mainstream audience to beat those competitors at their own game.

There's just one catch: In exchange for the major corporate backing, tech reporters at SugarString are expressly forbidden from writing about American spying or net neutrality around the world, two of the biggest issues in tech and politics today.
The Internet

Open Consultation Begins On Italy's Internet Bill of Rights 93

Posted by Soulskill
from the do-it-right-so-we-can-steal-it dept.
Anita Hunt (lissnup) writes: Hot on the heels of Brazil's recent initiative in this area, Italy has produced a draft [PDF] Declaration of Internet Rights, and on Monday opened the bill for consultation on the Civici [Italian] platform, a first in Europe. "[A]s it is now, it consists of a preamble and 14 articles that span several pages. Topics range from the 'fundamental right to Internet access' and Net Neutrality to the notion of 'informational self-determination.' The bill also includes provisions on the right to anonymity and tackles the highly debated idea of granting online citizens a 'right to be forgotten.' Measures are taken against algorithmic discriminations and the opacity of the terms of service devised by 'digital platform operators' who are 'required to behave honestly and fairly' and, most of all, give 'clear and simple information on how the platform operates.'"
Privacy

Help a Journalist With An NFC Chip Implant Violate His Own Privacy and Security 120

Posted by Soulskill
from the what-could-possibly-go-wrong dept.
An anonymous reader writes: His wife thinks he's crazy, but this guy got an NFC chip implanted in his arm, where it will stay for at least a year. He's inviting everyone to come up with uses for it. Especially ones that violate his privacy and security. There must be something better to do than getting into the office or unlocking your work PC.

He says, "The chip we are using is the xNTi, an NFC type 2 NTAG216, which is about the size of a grain of rice and is manufactured by the Dutch semiconductor company NXP, maker of the NFC chip for the new iPhone. It is a glass transponder with an operating frequency of 13.56MHz, developed for mass-market applications such as retail, gaming and consumer electronics. ... The chip's storage capacity is pretty limited, the UID (unique identifier) is 7 bytes, while the read/write memory is 888 bytes. It can be secured with a 32-bit password and can be overwritten about 100,000 times, by which point the memory will be quite worn. Data transmission takes place at a baud rate of 106 kbit/s and the chip is readable up to 10 centimeters, though it is possible to boost that distance."
Privacy

US Post Office Increases Secret Tracking of Mail 106

Posted by Soulskill
from the enjoy-all-those-circulars dept.
HughPickens.com writes: Ron Nixon reports in the NY Times that the United States Postal Service says it approved nearly 50,000 requests last year from law enforcement agencies and its own internal inspection unit to secretly monitor the mail of Americans for use in criminal and national security investigations, in many cases without adequately describing the reason or having proper written authorization. In addition to raising privacy concerns, the audit questioned the efficiency and accuracy of the Postal Service in handling the requests. The surveillance program, officially called mail covers, is more than a century old, but is still considered a powerful investigative tool. The Postal Service said that from 2001 through 2012, local, state and federal law enforcement agencies made more than 100,000 requests to monitor the mail of Americans. That would amount to an average of some 8,000 requests a year — far fewer than the nearly 50,000 requests in 2013 that the Postal Service reported in the audit (PDF).

In Arizona in 2011, Mary Rose Wilcox, a Maricopa County supervisor, discovered that her mail was being monitored by the county's sheriff, Joe Arpaio. Wilcox had been a frequent critic of Arpaio, objecting to what she considered the targeting of Hispanics in his immigration sweeps. Wilcox sued the county, was awarded nearly $1 million in a settlement in 2011 and received the money this June when the Ninth Circuit Court of Appeals upheld the ruling. Andrew Thomas, the former county attorney, was disbarred for his role in investigations into the business dealings of Ms. Wilcox and other officials and for other unprofessional conduct. "I don't blame the Postal Service," says Wilcox, "but you shouldn't be able to just use these mail covers to go on a fishing expedition. There needs to be more control."
Businesses

Can Ello Legally Promise To Remain Ad-Free? 151

Posted by timothy
from the anyone-can-promise-anything dept.
Bennett Haselton writes: Social networking company Ello has converted itself to a Public Benefit Corporation, bound by a charter saying that they will not now, nor in the future, make money by running advertisements or selling user data. Ello had followed these policies from the outset, but skeptics worried that venture capitalist investors might pressure Ello to change those policies, so this binding commitment was meant to assuage those fears. But is the commitment really legally binding and enforceable down the road? Read on for the rest.
Government

Identity As the Great Enabler 58

Posted by Soulskill
from the imagine-if-you-will dept.
New submitter steve_torquay writes: Last week, President Obama signed a new Executive Order calling for "all agencies making personal data accessible to citizens through digital applications" to "require the use of multiple factors of authentication and an effective identity proofing process." This does not necessarily imply that the government will issue online credentials to all U.S. residents.

The National Strategy for Trusted Identities in Cyberspace (NSTIC) is working towards a distributed identity ecosystem that facilitates authentication and authorization without compromising privacy. NSTIC points out that this is a great opportunity to leverage the technology to enable a wide array of new citizen-facing digital services while reducing costs and hassles for individuals and government agencies alike.
Cellphones

CHP Officers Steal, Forward Nude Pictures From Arrestee Smartphones 271

Posted by Soulskill
from the your-tax-dollars-at-work dept.
sabri writes: Following the initial suspension of a California Highway Patrol officer earlier this week, news has come out that the CHP has an entire ring of officers who steal and subsequently share nude pictures. The nudes are stolen from women who are arrested or stopped. Officer Sean Harrington of Martinez reportedly confessed to stealing explicit photos from the suspect's phone, and said he forwarded those images to at least two other CHP officers. Where is the ACLU when you need them the most?
Verizon

Verizon Injects Unique IDs Into HTTP Traffic 206

Posted by Soulskill
from the doing-the-wrong-thing-badly dept.
An anonymous reader writes: Verizon Wireless, the nation's largest wireless carrier, is now also a real-time data broker. According to a security researcher at Stanford, Big Red has been adding a unique identifier to web traffic. The purpose of the identifier is advertisement targeting, which is bad enough. But the design of the system also functions as a 'supercookie' for any website that a subscriber visits. "Any website can easily track a user, regardless of cookie blocking and other privacy protections. No relationship with Verizon is required. ...while Verizon offers privacy settings, they don’t prevent sending the X-UIDH header. All they do, seemingly, is prevent Verizon from selling information about a user." Just like they said they would.
Security

Researcher Finds Tor Exit Node Adding Malware To Downloads 126

Posted by Soulskill
from the at-least-it's-anonymous-malware dept.
Trailrunner7 writes: A security researcher has identified a Tor exit node that was actively patching binaries users download, adding malware to the files dynamically. The discovery, experts say, highlights the danger of trusting files downloaded from unknown sources and the potential for attackers to abuse the trust users have in Tor and similar services. Josh Pitts of Leviathan Security Group ran across the misbehaving Tor exit node while performing some research on download servers that might be patching binaries during download through a man-in-the-middle attack.

What Pitts found during his research is that an attacker with a MITM position can actively patch binaries–if not security updates–with his own code. In terms of defending against this sort of attack, Pitts suggested that encrypted download channels are the best option, both for users and site operators. "SSL/TLS is the only way to prevent this from happening. End-users may want to consider installing HTTPS Everywhere or similar plugins for their browser to help ensure their traffic is always encrypted," he said via email.
Privacy

Assange: Google Is Not What It Seems 288

Posted by timothy
from the mixed-motivations dept.
oxide7 (1013325) writes "In June 2011, Julian Assange received an unusual visitor: the chairman of Google, Eric Schmidt. They outlined radically opposing perspectives: for Assange, the liberating power of the Internet is based on its freedom and statelessness. For Schmidt, emancipation is at one with U.S. foreign policy objectives and is driven by connecting non-Western countries to Western companies and markets. These differences embodied a tug-of-war over the Internet's future that has only gathered force subsequently. Assange describes his encounter with Schmidt and how he came to conclude that it was far from an innocent exchange of views."
Facebook

We Need Distributed Social Networks More Than Ello 269

Posted by timothy
from the pick-your-battles dept.
Frequent contributor Bennett Haselton writes: Facebook threatened to banish drag queen pseudonyms, and (some) users revolted by flocking to Ello, a social network which promised not to enforce real names and also to remain ad-free. Critics said that the idealistic model would buckle under pressure from venture capitalists. But both gave scant mention to the fact that a distributed social networking protocol, backed by a player large enough to get people using it, would achieve all of the goals that Ello aspired to achieve, and more. Read on for the rest.
Privacy

Austin Airport Tracks Cell Phones To Measure Security Line Wait 168

Posted by timothy
from the making-a-list-checking-it-twice dept.
jfruh writes If you get into the TSA security line at Austin-Bergstrom International Airport, you'll see monitors telling you how long your wait will be — and if you have a phone with Wi-Fi enabled, you're helping the airport come up with that number. A system implemented by Cisco tracks the MAC addresses of phones searching for Wi-Fi networks and sees how long it takes those phones to traverse the line, giving a sense of how quickly things are moving. While this is useful information to have, the privacy implications are a bit unsettling.
Advertising

Ello Formally Promises To Remain Ad-Free, Raises $5.5M 167

Posted by timothy
from the now-how-much-would-you-pay? dept.
Social media site Ello is presented as the anti-Facebook, promising an ad-free social network, and that they won't sell private data. Today, they've also announced that Ello has become a Public Benefit Corporation, and that the site's anti-advertising promise has been enshrined in a corporate charter. The BBC reports on the restrictions that Ello has therefore entered into, which mean the site cannot, for monetary gain,
  1. Sell user-specific data to a third party
  2. Enter into an agreement to display paid advertising on behalf of a third party; and
  3. In the event of an acquisition or asset transfer, the Company shall require any acquiring entity to adopt these requirements with respect to the operation of Ello or its assets.

While that might turn off some potential revenue flows (the company says it will make money by selling optional features), as the linked article points out, it hasn't turned off investors; Ello has now raised $5.5 million from investors.

Privacy

Speed Cameras In Chicago Earn $50M Less Than Expected 398

Posted by timothy
from the short-term-memory dept.
countach44 writes that (in the words of the below-linked article) "Chicagoans are costing the city tens of millions of dollars — through good behavior." The City of Chicago recently installed speed cameras near parks and schools as part of the "Children's Safety Zone Program," claiming a desire to decrease traffic-related incidents in those areas. The city originally budgeted (with the help of the company providing the system) to have $90M worth of income from the cameras — of which only $40M is now expected. Furthermore, the city has not presented data on whether or not those areas have become safer.
Facebook

Facebook To DEA: Stop Using Phony Profiles To Nab Criminals 239

Posted by Soulskill
from the do-that-with-linkedin-like-everyone-else dept.
HughPickens.com writes: CNNMoney reports that Facebook has sent a letter to the U.S. Drug Enforcement Administration demanding that agents stop impersonating users on the social network. "The DEA's deceptive actions... threaten the integrity of our community," Facebook chief security officer Joe Sullivan wrote to DEA head Michele Leonhart. "Using Facebook to impersonate others abuses that trust and makes people feel less safe and secure when using our service." Facebook's letter comes on the heels of reports that the DEA impersonated a young woman on Facebook to communicate with suspected criminals, and the Department of Justice argued that they had the right to do so. Facebook contends that their terms and Community Standards — which the DEA agent had to acknowledge and agree to when registering for a Facebook account — expressly prohibit the creation and use of fake accounts. "Isn't this the definition of identity theft?" says privacy researcher Runa Sandvik. The DEA has declined to comment and referred all questions to the Justice Department, which has not returned CNNMoney's calls.
Encryption

'Endrun' Networks: Help In Danger Zones 28

Posted by timothy
from the pinging-mr-bourne-mr-jason-bourne dept.
kierny writes Drawing on networking protocols designed to support NASA's interplanetary missions, two information security researchers have created a networking system that's designed to transmit information securely and reliably in even the worst conditions. Dubbed Endrun, and debuted at Black Hat Europe, its creators hope the delay-tolerant and disruption-tolerant system — which runs on Raspberry Pi — could be deployed everywhere from Ebola hot zones in Liberia, to war zones in Syria, to demonstrations in Ferguson.
OS X

If You're Connected, Apple Collects Your Data 312

Posted by timothy
from the so-they-can-notify-next-of-kin dept.
fyngyrz (762201) writes It would seem that no matter how you configure Yosemite, Apple is listening. Keeping in mind that this is only what's been discovered so far, and given what's known to be going on, it's not unthinkable that more is as well. Should users just sit back and accept this as the new normal? It will be interesting to see if these discoveries result in an outcry, or not. Is it worse than the data collection recently reported in a test version of Windows?
Advertising

Snapchat Will Introduce Ads, Attempt To Keep Them Other Than Creepy 131

Posted by timothy
from the trying-to-keep-the-golden-goose-alive dept.
As reported by VentureBeat, disappearing-message service Snapchat is introducing ads. Considering how most people feel about ads, they're trying to ease them in gently: "Ads can be ignored: Users will not be required to watch them. If you do view an ad, or if you ignore it for 24 hours, it will disappear just like Stories do." Hard to say how much it will mollify the service's users, but the company says "We won’t put advertisements in your personal communication – things like Snaps or Chats. That would be totally rude. We want to see if we can deliver an experience that’s fun and informative, the way ads used to be, before they got creepy and targeted."
Cellphones

Florida Supreme Court: Police Can't Grab Cell Tower Data Without a Warrant 114

Posted by timothy
from the let's-hope-it's-catchy dept.
SternisheFan writes with an excerpt from Wired with some (state-specific, but encouraging) news about how much latitude police are given to track you based on signals like wireless transmissions. The Florida Supreme Court ruled Thursday that obtaining cell phone location data to track a person's location or movement in real time constitutes a Fourth Amendment search and therefore requires a court-ordered warrant.

The case specifically involves cell tower data for a convicted drug dealer that police obtained from a telecom without a warrant. But the way the ruling is written (.pdf), it would also cover the use of so-called "stingrays" — sophisticated technology law enforcement agencies use to locate and track people in the field without assistance from telecoms. Agencies around the country, including in Florida, have been using the technology to track suspects — sometimes without obtaining a court order, other times deliberately deceiving judges and defendants about their use of the devices to track suspects, telling judges the information came from "confidential" sources rather than disclose their use of stingrays. The new ruling would require them to obtain a warrant or stop using the devices. The American Civil Liberties Union calls the Florida ruling "a resounding defense" of the public's right to privacy.
